OASIS eXtensible Access Control Markup Language (XACML) TC

Minutes 3 May 2012 TC Meeting

  • 1.  Minutes 3 May 2012 TC Meeting

    Posted 05-03-2012 17:49
    I. Roll Call & Approve Minutes: Voting Members Hal Lockhart (Chair) Bill Parducci (Co-Chair/Minutes) Richard Hill Rich Levinson Remon Sinnema Danny Thorpe John Tolbert Paul Tyson Members John Davis Erik Rissanen David Staggs Quorum met: (88% per Oasis) Minutes from 19 April 2012 TC meeting voted upon. APPROVED UNANIMOUSLY. II. Adminitrivia SAML and XACML -- Speaking Opportunity Oasis has a speaking opportunity at the upcoming EEMA conference in Paris this June. Interested speakers should reach out to Jane Harnad. IETF - PLASMA Hal noted that the main reference to XACML are discussed in the existing architectural models. John was at PSTP meeting yesterday, will be generating comments to list for review/feedback. John is ultimately interested in seeing messaging based security based upon XACML complaint policies. Rich concurred. W3C - ODRL Paul briefly reviewed his posting. He is looking for feedback from the TC. John voiced a common interest in exploring how this work may overlap with XACML. XACML 3.0 Core This has been submitted to Oasis TC Admin and is in queue to be processed. Public Review has not yet begun. REST Profile of XACML v3.0 Version 1.0 Working Draft 02 has been uploaded. Review and comments requested. XML Media Types Profile Ray uploaded new version and is requesting review/comments from the TC. XACML IPC Profile Working Draft 08 has been uploaded. III. Issues Issue #3: Combining Algorithm The TC is encouraged to perform a final review in preparation for a vote to begin the promotion process on this Profile. Issue #8: Schema Anomalies ("choice element" or "Policy w no Rules") Rich has action to post to wiki details of this issue and what suggested action will be. Media Types Hal suggested that define media types for what we have now, but not attempt to register types until they are fully defined. Specifically, lacking a normative representation of JSON it should not be included at this time. Ray suggested how to facilitate this. REST API Ray asked about the case of requesting the [list of] Policies as part of the Profile. Hal noted that this is not feasible in a number of occasions. The discussion then turned to the decision of whether this Profile intends to describe the existing model using JSON vs. introducing new capabilities that would make the interface more in line with "traditional" RESTful interfaces. Hal offered that he will post a review of this proposal to the list with references to the "Cohort" work referenced in the wiki. meeting adjourned.